Trojans, including malicious applications that hide inside or masquerade as legitimate programs, have long been a problem on desktop computing devices. Increasingly, users are shifting more and more computing activity from desktops to mobile devices such as smart phones and tablets. Users may download mobile applications to play games, organize their calendar, message other users, track transit schedules, or perform a wide and ever-growing variety of other functions. As legitimate mobile applications increase in number, so too does the danger increase of users accidentally downloading a Trojan version of a legitimate application.
Many traditional systems for classifying applications as Trojans involve manual analysis of the applications to determine whether a particular instance of an application is legitimate. Such manual analysis may be inefficient and time-intensive. For example, these traditional manual systems may not be able to keep up with the vast quantity of new mobile applications being introduced to mobile application stores on a daily basis. Some traditional systems may be able to detect similar applications, but may not be able to make value judgments about which of the applications is legitimate. Similarly, these traditional systems may not be able to map Trojan applications to their corresponding legitimate applications, except through manual and time-intensive study. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for classifying package files as Trojans.